Well I kind of hate just putting something about nothing, but just for updates sake. I have been stoopid busy lately. I just got through testing an srx3400 (which is the low-end midrange box, there are three other higher performing boxes) for performance using breaking point elite box. All I can say is wow, these product line is off the charts in terms of performance, mind boggling connections per second. I have also been working on some new junoscripts to display in the cli a more concise summary of the policy hit counts much like you would see in IOS. I have also been working on a UAC/NAC proof of concept using juniper’s UAC, SA 2500, ex 4200, an SSG5 and an enterasys 2G4072-52.
Here is what i tested in SRX and some perf numbers (Junos 9.5)
Ran IMIX of tcp traffic, ramping up 150K new connections per second up to 1M concurrent sessions, 10Gbps throuhput for 10 mins. This was with full stateful firewall. This test was done using a breaking point elite with 2x10GE ports.
Also successfully ran 10Gbps udp at 1400bytes packets, 512 byte packets, no problem. 64 byte packets are a problem because there is a hard limit of 1M pps on each SPC.
Other SRX tests:
Jsrp – sessions are replicated, as of 9.5 only link detection for failover, 9.6 you can do track ip
NSM management – everything we wanted to see was there
Traffic logs – you can log session init, session close, idp deny, acl deny, however this must be sent out an IOC, not outa management port. this is because of the sheer volume of logs.
IDP – was able to block chat (Yahoo, gmail chat, aol IM)
Also working on some similar ns5k testing. I can post configs for any of this if anyone is interested.